up

src/Policy/__Tests/StellaOps.Policy.Engine.Tests/Console/ConsoleSimulationDiffServiceTests.cs

@@ -0,0 +1,39 @@
+using System;
+using StellaOps.Policy.Engine.ConsoleSurface;
+using StellaOps.Policy.Engine.Simulation;
+using Xunit;
+
+namespace StellaOps.Policy.Engine.Tests.ConsoleSurface;
+
+public sealed class ConsoleSimulationDiffServiceTests
+{
+    [Fact]
+    public void Compute_IsDeterministic_AndCarriesMetadata()
+    {
+        var analytics = new SimulationAnalyticsService();
+        var service = new ConsoleSimulationDiffService(analytics);
+
+        var request = new ConsoleSimulationDiffRequest(
+            BaselinePolicyVersion: "2025.11.24",
+            CandidatePolicyVersion: "2025.12.02",
+            ArtifactScope: new[]
+            {
+                new ConsoleArtifactScope("sha256:abc", "pkg:npm/foo@1.0.0"),
+                new ConsoleArtifactScope("sha256:def", "pkg:npm/bar@2.0.0")
+            },
+            Filters: new ConsoleSimulationFilters(new[] { "high", "critical" }, new[] { "RULE-1234" }),
+            Budget: new ConsoleSimulationBudget(maxFindings: 10, maxExplainSamples: 5),
+            EvaluationTimestamp: new DateTimeOffset(2025, 12, 2, 0, 0, 0, TimeSpan.Zero));
+
+        var first = service.Compute(request);
+        var second = service.Compute(request);
+
+        Assert.Equal(first, second); // deterministic
+        Assert.Equal("console-policy-23-001", first.SchemaVersion);
+        Assert.True(first.Summary.After.Total > 0);
+        Assert.True(first.Summary.Before.Total > 0);
+        Assert.NotEmpty(first.RuleImpact);
+        Assert.True(first.Samples.Findings.Length <= 10);
+        Assert.Equal(request.EvaluationTimestamp, first.Provenance.EvaluationTimestamp);
+    }
+}

src/Policy/__Tests/StellaOps.Policy.Engine.Tests/PolicyEvaluatorTests.cs

@@ -344,17 +344,19 @@ policy "Baseline Production Policy" syntax "stella-dsl@1" {
 
     private static PolicyEvaluationContext CreateContext(string severity, string exposure, PolicyEvaluationExceptions? exceptions = null)
     {
-        return new PolicyEvaluationContext(
-            new PolicyEvaluationSeverity(severity),
-            new PolicyEvaluationEnvironment(new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase)
-            {
-                ["exposure"] = exposure
-            }.ToImmutableDictionary(StringComparer.OrdinalIgnoreCase)),
-            new PolicyEvaluationAdvisory("GHSA", ImmutableDictionary<string, string>.Empty),
-            PolicyEvaluationVexEvidence.Empty,
-            PolicyEvaluationSbom.Empty,
-            exceptions ?? PolicyEvaluationExceptions.Empty);
-    }
+        return new PolicyEvaluationContext(
+            new PolicyEvaluationSeverity(severity),
+            new PolicyEvaluationEnvironment(new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase)
+            {
+                ["exposure"] = exposure
+            }.ToImmutableDictionary(StringComparer.OrdinalIgnoreCase)),
+            new PolicyEvaluationAdvisory("GHSA", ImmutableDictionary<string, string>.Empty),
+            PolicyEvaluationVexEvidence.Empty,
+            PolicyEvaluationSbom.Empty,
+            exceptions ?? PolicyEvaluationExceptions.Empty,
+            PolicyEvaluationReachability.Unknown,
+            PolicyEvaluationEntropy.Unknown);
+    }
 
     private static string Describe(ImmutableArray<PolicyIssue> issues) =>
         string.Join(" | ", issues.Select(issue => $"{issue.Severity}:{issue.Code}:{issue.Message}"));

src/Policy/__Tests/StellaOps.Policy.Engine.Tests/PolicyRuntimeEvaluationServiceTests.cs

@@ -8,6 +8,7 @@ using StellaOps.Policy.Engine.Evaluation;
 using StellaOps.Policy.Engine.ReachabilityFacts;
 using StellaOps.Policy.Engine.Options;
 using StellaOps.Policy.Engine.Services;
+using StellaOps.Policy.Engine.Signals.Entropy;
 using StellaOps.PolicyDsl;
 using Xunit;
 
@@ -250,6 +251,9 @@ public sealed class PolicyRuntimeEvaluationServiceTests
             Sbom: PolicyEvaluationSbom.Empty,
             Exceptions: PolicyEvaluationExceptions.Empty,
             Reachability: PolicyEvaluationReachability.Unknown,
+            EntropyLayerSummary: null,
+            EntropyReport: null,
+            ProvenanceAttested: null,
             EvaluationTimestamp: new DateTimeOffset(2025, 1, 1, 0, 0, 0, TimeSpan.Zero),
             BypassCache: false);
     }
@@ -262,6 +266,7 @@ public sealed class PolicyRuntimeEvaluationServiceTests
         var options = Microsoft.Extensions.Options.Options.Create(new PolicyEngineOptions());
         var cache = new InMemoryPolicyEvaluationCache(cacheLogger, TimeProvider.System, options);
         var evaluator = new PolicyEvaluator();
+        var entropy = new EntropyPenaltyCalculator(options, NullLogger<EntropyPenaltyCalculator>.Instance);
 
         var reachabilityStore = new InMemoryReachabilityFactsStore(TimeProvider.System);
         var reachabilityCache = new InMemoryReachabilityFactsOverlayCache(
@@ -281,6 +286,7 @@ public sealed class PolicyRuntimeEvaluationServiceTests
             cache,
             evaluator,
             reachabilityService,
+            entropy,
             TimeProvider.System,
             serviceLogger);